VPN configuration under a Dual-WAN infrastructure ?

Hello everyone,

I am using the Sophos XG (Home) v18.5 firewall router with 2 WAN lines running load balance. Now that I look forward to setting up a VPN profile for remote administration, I want this VPN connectivity to be accessible even if my WAN IP changes suddenly (e.g. failover).

The Sophos XG Firewall supports several types of VPN, I am looking at the possibility of deploying an SSL VPN by TCP protocol for the ease of use and commonality. Will this work for me ? If not, what other kinds of VPN or configurations will ? Also, do I need a DDNS account in order for this firewall to broadcast my WAN IP to the VPN connection in case of failover ?

Thank you in advance.



This thread was automatically locked due to age.
  • If you want to do remote administration of the xg why not use central?
    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hello,

    I don’t want to open a backdoor on my network. 

  • Opening the XG front door by using a VPN is more secure eg exposing it to the internet so?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • If you don't have a static IPv4 on both WAN interfaces you will need to use DDNS for both, but if one of the WAN IPs is static you only need DDNS for the secondary WAN.

    If you already have a domain you can check if the DDNS provider is available on the Firewall, if not (and since you're a home user) you can either use DNS-O-Matic or migrate your domain DNS to Cloudflare.

    The Sophos XG Firewall supports several types of VPN, I am looking at the possibility of deploying an SSL VPN by TCP protocol for the ease of use and commonality. Will this work for me ?

    With DDNS, yes. (And if you can use SSL VPN (OpenVPN) with TCP at 443.)

    Just a reminder, on the SSL VPN configuration you need to use your static IPv4 (if available), then edit the config and manually add the secondary remote. Example:

    remote 1.1.1.1 443 tcp-client
    remote vpn.domain.com 443 tcp-client


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.
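
The manual edit described in the reply above, as an added example that is not part of the original post and is not Sophos tooling: a small Python helper that appends a second `remote` line to an exported OpenVPN client profile and is safe to run twice. The function names and the sample profile are constructed for illustration; the addresses are the placeholders from the post. OpenVPN tries `remote` entries in the order they are listed, so the static address stays first and the DDNS name is the fallback.

```python
import re

# Matches "remote <host> <port> [proto]" only. The mandatory whitespace after
# "remote" keeps options such as remote-cert-tls or remote-random from matching.
REMOTE_RE = re.compile(r"^\s*remote\s+(\S+)\s+(\d+)(?:\s+(\S+))?\s*$")

# Constructed sample profile; a real exported profile will contain more options.
SAMPLE_PROFILE = """client
dev tun
proto tcp-client
remote 1.1.1.1 443 tcp-client
remote-cert-tls server
resolv-retry infinite
"""


def list_remotes(profile):
    """Return (host, port, proto) for each remote line, in connection order."""
    found = []
    for line in profile.splitlines():
        m = REMOTE_RE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), m.group(3)))
    return found


def add_failover_remote(profile, host, port=443, proto="tcp-client"):
    """Insert a fallback remote after the last existing remote line."""
    # Idempotent: do nothing if this host/port pair is already listed.
    for h, p, _ in list_remotes(profile):
        if h.lower() == host.lower() and p == port:
            return profile
    lines = profile.splitlines()
    positions = [i for i, line in enumerate(lines) if REMOTE_RE.match(line)]
    if not positions:
        raise ValueError("profile has no 'remote' line to extend")
    lines.insert(positions[-1] + 1, f"remote {host} {port} {proto}")
    return "\n".join(lines) + ("\n" if profile.endswith("\n") else "")


if __name__ == "__main__":
    print(add_failover_remote(SAMPLE_PROFILE, "vpn.domain.com"), end="")
```
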

  • Interesting question. Thanks for having asked me that.

    With Sophos Central, Sophos is in charge of my everything.
    With the VPN, I myself am in charge of my everything.

    From a digital security perspective, which one should I prefer ?

  • I was very skeptical of Sophos Central initially, but: a) VPN'ing in to the firewall directly is more complicated than you might think in terms of trying to administer the firewall as if you were local, b) Sophos Central has a lot of convenient features, and in my case c) Sophos Central's wireless administration gives some additional features to Sophos APs that you don't get from local administration.

  • That was a healthy suspicion until you fell for the convenience of their remote control service.
